<?php
/*
	Copyright 2006, 2007, 2008, 2009, 2010 Bastiaan Grutters
    
    This file is part of Ages of Strife website.

    Ages of Strife website is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    Ages of Strife website is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with Ages of Strife website.  If not, see <http://www.gnu.org/licenses/>.
 */
include( '../global/initialize.php' );

include( "../global/adodb-time.inc.php" );
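/**
 * Runs one statement on the default MySQL link.
 *
 * On failure the driver error is written to the server log and the script
 * stops with a generic message, so schema details are not echoed to the
 * client.
 *
 * @param string $sql Complete SQL statement.
 * @return resource|bool Result of mysql_query() on success.
 */
function commentWriteQuery( $sql ) {
	$result = mysql_query( $sql );
	if( $result === false ) {
		error_log( 'comment_write query failed: ' . mysql_error() );
		die( "Query failed" );
	}
	return $result;
}

/**
 * Normalises a URL attribute value and rejects unexpected schemes.
 *
 * @param string $raw Attribute value as written in the submitted markup.
 * @return string|null Normalised URL, or null when its scheme is not allowed.
 */
function commentWriteCleanUrl( $raw ) {
	// Decode first, so the value that is checked is the value a browser will see.
	$url = html_entity_decode( $raw, ENT_QUOTES );
	// Browsers ignore whitespace and control characters in this position; drop them before checking.
	$url = preg_replace( '/[\x00-\x20]+/', '', $url );
	if( preg_match( '/^([a-z][a-z0-9+.\-]*):/i', $url, $scheme ) ) {
		if( !in_array( strtolower( $scheme[ 1 ] ), array( 'http', 'https', 'mailto' ), true ) ) {
			return null;
		}
	}
	// No scheme at all means a relative link, which is kept.
	return $url;
}

/**
 * preg_replace_callback() handler: rebuilds one tag from an allowlist.
 *
 * The tag is re-emitted from scratch with only href (on a) and src/alt
 * (on img); every other attribute is dropped. Anything that is not one of
 * the permitted tags is entity-encoded so it renders as text.
 *
 * @param array $match Match array; $match[0] is a whole tag or a lone '<'.
 * @return string Safe replacement markup.
 */
function commentWriteRebuildTag( $match ) {
	$tag = $match[ 0 ];
	$allowed = array( 'a', 'b', 'i', 'u', 'strong', 'h1', 'h2', 'img', 'em' );
	if( !preg_match( '/^<(\/?)([a-z][a-z0-9]*)(?=[\s\/>])/i', $tag, $parts ) ) {
		return htmlspecialchars( $tag, ENT_QUOTES );
	}
	$name = strtolower( $parts[ 2 ] );
	if( !in_array( $name, $allowed, true ) ) {
		return htmlspecialchars( $tag, ENT_QUOTES );
	}
	if( $parts[ 1 ] == '/' ) {
		return $name == 'img' ? '' : "</$name>";
	}

	$keep = array( 'a' => array( 'href' ), 'img' => array( 'src', 'alt' ) );
	$attributes = '';
	$has_url = false;
	if( isset( $keep[ $name ] ) ) {
		foreach( $keep[ $name ] as $attr ) {
			$pattern = '/[\s"\'\/]' . $attr . '\s*=\s*(?:"([^"]*)"|\'([^\']*)\'|([^\s"\'>]+))/i';
			if( !preg_match( $pattern, $tag, $m ) ) {
				continue;
			}
			$value = isset( $m[ 3 ] ) ? $m[ 3 ] : ( isset( $m[ 2 ] ) && $m[ 2 ] !== '' ? $m[ 2 ] : $m[ 1 ] );
			if( $attr == 'alt' ) {
				$value = html_entity_decode( $value, ENT_QUOTES );
			}
			else {
				$value = commentWriteCleanUrl( $value );
				if( $value === null ) {
					continue;
				}
				$has_url = true;
			}
			// Re-encode so the emitted attribute decodes to exactly the checked value.
			$attributes .= ' ' . $attr . '="' . htmlspecialchars( $value, ENT_QUOTES ) . '"';
		}
	}
	if( $name == 'img' ) {
		// An image without a usable source is dropped entirely.
		return $has_url ? "<img$attributes />" : '';
	}
	return "<$name$attributes>";
}

/**
 * Reduces submitted comment markup to the permitted formatting tags.
 *
 * strip_tags() keeps the attributes of the tags it allows, and a fixed list
 * of case-sensitive string replacements does not cover every attribute that
 * can carry script. Each surviving tag is therefore rebuilt from an
 * allowlist instead of being filtered with a denylist.
 *
 * NOTE(review): assumes $_POST['content'] arrives unescaped (magic_quotes_gpc
 * off, or undone by initialize.php) - confirm. The page that renders comments
 * is not visible here; it must not decode or re-process this markup.
 *
 * @param string $html Raw comment body.
 * @return string Markup limited to the allowed tags and attributes.
 */
function commentWriteSanitizeHtml( $html ) {
	$html = strip_tags( $html, '<a><b><i><u><strong><h1><h2><img><em>' );
	// The second alternative catches a '<' that never closes, so it cannot open a tag later.
	return preg_replace_callback( '/<[^<>]*>|</', 'commentWriteRebuildTag', $html );
}

// Comment submission handler: validates the target history entry, stores the
// comment, notifies the other subscribers and redirects back to the entry.
// NOTE(review): no anti-CSRF token is checked in this script - confirm whether
// initialize.php does it.
if( isset( $_POST[ 'content' ] ) && formatEmail( $_POST[ 'content' ] ) != '' ) {
	// Both ids are concatenated into SQL and into the redirect header below,
	// so they are forced to integers instead of trusting getPostValue().
	$history_id = (int) getPostValue( 'history_id' );
	$parent_id = (int) getPostValue( 'parent_id' );
	// NOTE(review): presumably initialize.php enforces login; 0 means no ruler in the session.
	$ruler_id = isset( $_SESSION[ 'ruler_id' ] ) ? (int) $_SESSION[ 'ruler_id' ] : 0;

	$result = commentWriteQuery( "SELECT allow_comments " .
			"FROM history " .
			"WHERE history_id = " . $history_id );
	$row = mysql_fetch_array( $result, MYSQL_ASSOC );
	if( isset( $row[ 'allow_comments' ] ) ) {
		// Fail closed when there is no ruler to attribute the comment to.
		if( $row[ 'allow_comments' ] == 1 && $ruler_id > 0 ) {
			$content = commentWriteSanitizeHtml( $_POST[ 'content' ] );
			// Connection-aware escaping instead of addslashes().
			$content_sql = mysql_real_escape_string( $content );
			$turn = getCurrentTurn();
			$date = getCurrentDate();
			$timestamp = time();

			// A reply to a comment that does not exist is stored as a top-level comment.
			if( $parent_id != -1 ) {
				$result = commentWriteQuery( "SELECT count(*) " .
						"FROM comments " .
						"WHERE comment_id = " . $parent_id );
				$row = mysql_fetch_array( $result, MYSQL_ASSOC );
				if( $row[ 'count(*)' ] == 0 ) {
					$parent_id = -1;
				}
			}

			commentWriteQuery( "INSERT INTO comments " .
					"( content, history_id, ruler_id, parent_id, date, turn, timestamp ) " .
					"VALUES ( '$content_sql', $history_id, $ruler_id, $parent_id, " .
							"'$date', $turn, $timestamp )" );
			// Read the new id before any other statement runs on the link; this
			// replaces looking the row up again by its content.
			// Assumes comments.comment_id is AUTO_INCREMENT (the INSERT supplies no id) - confirm.
			$comment_id = (int) mysql_insert_id();

			toggle_history_subscription( $history_id, $ruler_id, true );

			$result = commentWriteQuery( "SELECT title " .
					"FROM history " .
					"WHERE history_id = $history_id" );
			$row = mysql_fetch_array( $result, MYSQL_ASSOC );
			$title = $row[ 'title' ];

			// The title comes back from the database unescaped, so it is escaped
			// again before it is placed in the next statement.
			$subject_sql = mysql_real_escape_string( "There is a new comment on: $title" );
			$news_sql = mysql_real_escape_string(
					"There was a new comment on a history item you are subscribed to.\r\n" .
					"\r\n" .
					"Click <a href=\"../history/history.php?id=$history_id#comment-$comment_id\">here</a> to read it." );

			$result = commentWriteQuery( "SELECT ruler_id " .
					"FROM history_subscription " .
					"WHERE history_id = $history_id " .
					"AND ruler_id != " . $ruler_id );
			// One news item per subscriber other than the author.
			while( $subscriber = mysql_fetch_array( $result, MYSQL_ASSOC ) ) {
				commentWriteQuery( "INSERT INTO news " .
						"( ruler_id, news, subject, type, date, turn ) " .
						"VALUES ( " . (int) $subscriber[ 'ruler_id' ] . ", '$news_sql', '$subject_sql', 2, '$date', $turn )" );
			}
			$status = translate( "Comment added" );
		}
		else {
			$status = translate( "You are not allowed to comment on this entry" );
		}
	}
	else {
		$status = translate( "Invalid history id" );
	}
}
else {
	$status = translate( "Empty comments are not allowed." );
}

$_SESSION[ 'comment_write_status' ] = $status;
// $history_id is an integer here, so nothing else can end up in the Location header.
if( isset( $history_id ) ) {
	header( "Location: history.php?id=$history_id" );
}
else {
	header( "Location: history.php" );
}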
?>
